CVE-2008-4554

Published: 15 October 2008

The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.

From the Ubuntu security team

Olaf Kirch and Miklos Szeredi discovered that the Linux kernel did not correctly reject the "append" flag when handling file splice requests. A local attacker could bypass append mode and make changes to arbitrary locations in a file. This issue only affected Ubuntu 7.10 and 8.04.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.27)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commitdiff;h=efc968d450e013049a662d22727cf132618dcb2f
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
linux-source-2.6.22
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.27)